/* SPDX-License-Identifier: GPL-2.0-only */ /* Authors: Karl MacMillan <[email protected]> * Frank Mayer <[email protected]> * Copyright (C) 2003 - 2004 Tresys Technology, LLC */ #include <linux/kernel.h> #include <linux/errno.h> #include <linux/string.h> #include <linux/spinlock.h> #include <linux/slab.h> #include "security.h" #include "conditional.h" #include "services.h" /* * cond_evaluate_expr evaluates a conditional expr * in reverse polish notation. It returns true (1), false (0), * or undefined (-1). Undefined occurs when the expression * exceeds the stack depth of COND_EXPR_MAXDEPTH. */ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr) { … } /* * evaluate_cond_node evaluates the conditional stored in * a struct cond_node and if the result is different than the * current state of the node it sets the rules in the true/false * list appropriately. If the result of the expression is undefined * all of the rules are disabled for safety. */ static void evaluate_cond_node(struct policydb *p, struct cond_node *node) { … } void evaluate_cond_nodes(struct policydb *p) { … } void cond_policydb_init(struct policydb *p) { … } static void cond_node_destroy(struct cond_node *node) { … } static void cond_list_destroy(struct policydb *p) { … } void cond_policydb_destroy(struct policydb *p) { … } int cond_init_bool_indexes(struct policydb *p) { … } int cond_destroy_bool(void *key, void *datum, void *p) { … } int cond_index_bool(void *key, void *datum, void *datap) { … } static int bool_isvalid(struct cond_bool_datum *b) { … } int cond_read_bool(struct policydb *p, struct symtab *s, void *fp) { … } struct cond_insertf_data { … }; static int cond_insertf(struct avtab *a, const struct avtab_key *k, const struct avtab_datum *d, void *ptr) { … } static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *list, struct cond_av_list *other) { … } static int expr_node_isvalid(struct policydb *p, struct cond_expr_node *expr) { … } static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) { … } int cond_read_list(struct policydb *p, void *fp) { … } int cond_write_bool(void *vkey, void *datum, void *ptr) { … } /* * cond_write_cond_av_list doesn't write out the av_list nodes. * Instead it writes out the key/value pairs from the avtab. This * is necessary because there is no way to uniquely identifying rules * in the avtab so it is not possible to associate individual rules * in the avtab with a conditional without saving them as part of * the conditional. This means that the avtab with the conditional * rules will not be saved but will be rebuilt on policy load. */ static int cond_write_av_list(struct policydb *p, struct cond_av_list *list, struct policy_file *fp) { … } static int cond_write_node(struct policydb *p, struct cond_node *node, struct policy_file *fp) { … } int cond_write_list(struct policydb *p, void *fp) { … } void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, struct extended_perms_decision *xpermd) { … } /* Determine whether additional permissions are granted by the conditional * av table, and if so, add them to the result */ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd, struct extended_perms *xperms) { … } static int cond_dup_av_list(struct cond_av_list *new, const struct cond_av_list *orig, struct avtab *avtab) { … } static int duplicate_policydb_cond_list(struct policydb *newp, const struct policydb *origp) { … } static int cond_bools_destroy(void *key, void *datum, void *args) { … } static int cond_bools_copy(struct hashtab_node *new, const struct hashtab_node *orig, void *args) { … } static int cond_bools_index(void *key, void *datum, void *args) { … } static int duplicate_policydb_bools(struct policydb *newdb, const struct policydb *orig) { … } void cond_policydb_destroy_dup(struct policydb *p) { … } int cond_policydb_dup(struct policydb *new, const struct policydb *orig) { … }
Codebase Browser
linux